Security Advisory Important: qemu-kvm security update

Advisory: RHSA-2017:0987-1
Type: Security Advisory
Severity: Important
Issued on: 2017-04-18
Last updated on: 2017-04-18
Affected Products:
  Red Hat Enterprise Linux Desktop (v. 7)
  Red Hat Enterprise Linux HPC Node (v. 7)
  Red Hat Enterprise Linux Server (v. 7)
  Red Hat Enterprise Linux Server TUS (v. 7.3)
  Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2016-9603

Details

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm packages provide the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA
emulator's VNC display driver support; the issue could occur when a VNC client
attempted to update its display after a VGA operation was performed by a guest.
A privileged user/process inside a guest could use this flaw to crash the QEMU
process or, potentially, execute arbitrary code on the host with privileges of
the QEMU process. (CVE-2016-9603)


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all
virtual machines have shut down, start them again for this update to take
effect.
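
A guest that was never shut down keeps executing the pre-update QEMU binary. The check below is an added example, not part of the Red Hat advisory: it lists QEMU processes whose /proc/<pid>/exe link is marked "(deleted)", which is what a replaced binary looks like. The function names and the proc_root parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example: find QEMU processes still executing a binary that has been
# replaced on disk, i.e. guests not yet restarted after the qemu-kvm update.
# proc_root is a parameter of this example (default /proc) so the check can
# also be run against a constructed directory tree.

# Print one line per stale process: "<pid> <exe link target>".
stale_qemu_procs() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # /proc/<pid>/exe is a symlink to the running binary. The kernel
        # appends " (deleted)" once that file has been unlinked, which is
        # what happens to the old binary when the package is upgraded.
        # Reading the link of another user's process requires root.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *qemu-kvm*" (deleted)")
                printf '%s %s\n' "${dir##*/}" "$target"
                ;;
        esac
    done
}

# Return 0 when no stale QEMU process remains, 1 otherwise.
check_guests_restarted() {
    stale=$(stale_qemu_procs "${1:-/proc}")
    if [ -n "$stale" ]; then
        printf 'QEMU processes still running the pre-update binary:\n%s\n' \
            "$stale" >&2
        return 1
    fi
    return 0
}
```

Run check_guests_restarted as root on the host after installing the update; a non-zero exit status means at least one virtual machine still has to be shut down and started again.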

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
qemu-kvm-1.5.3-126.el7_3.6.src.rpm
File outdated by: RHSA-2017:1430

x86_64:
qemu-img-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-common-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-tools-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
qemu-kvm-1.5.3-126.el7_3.6.src.rpm
File outdated by: RHSA-2017:1430

x86_64:
qemu-img-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-common-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-tools-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
qemu-kvm-1.5.3-126.el7_3.6.src.rpm
File outdated by: RHSA-2017:1430

PPC:
qemu-img-1.5.3-126.el7_3.6.ppc64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.ppc64.rpm
File outdated by: RHSA-2017:1430

PPC64LE:
qemu-img-1.5.3-126.el7_3.6.ppc64le.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.ppc64le.rpm
File outdated by: RHSA-2017:1430

x86_64:
qemu-img-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-common-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-tools-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
 
Red Hat Enterprise Linux Server TUS (v. 7.3)

SRPMS:
qemu-kvm-1.5.3-126.el7_3.6.src.rpm
File outdated by: RHSA-2017:1430

x86_64:
qemu-img-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-common-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-tools-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
qemu-kvm-1.5.3-126.el7_3.6.src.rpm
File outdated by: RHSA-2017:1430

x86_64:
qemu-img-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-common-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-debuginfo-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
qemu-kvm-tools-1.5.3-126.el7_3.6.x86_64.rpm
File outdated by: RHSA-2017:1430
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1430056 - CVE-2016-9603 Qemu: cirrus: heap buffer overflow via vnc connection


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/